Deceptions Everywhere ®

Insights on threat and cyber risk trends, use cases for deception technology and strategies for combatting targeted attacks

The Johari Window: How Known Unknowns Led to the Largest Cybersecurity Breach of National Security in U.S. History

“Therefore just as water retains no constant shape, so in warfare there are no constant conditions.” -Sun Tzu

This article offers a perspective on the recent SolarWinds breach that differs from the growing number of articles about the attack. It also proposes a different approach to adversary detection: detecting the constants in a breach using the concept of active defense described in the new MITRE Shield framework. The idea is that blue teams should detect lateral movement and living-off-the-land activity after the adversary has established a beachhead, instead of relying solely on detecting the attack through known knowns.

Illusive Joins CyberArk Marketplace

We’ve got some exciting news to share with you: we’ve just joined CyberArk Marketplace! As you may know, CyberArk offers the leading Privileged Access Management solution and is the only security software company focused on eliminating cyber threats that use insider privileges to attack an organization’s most critical assets and infrastructure. The CyberArk Marketplace delivers unprecedented simplicity and speed for security and IT operations teams to extend the benefits of securing privileged access across the enterprise – on-premises, in hybrid cloud environments, and throughout the DevOps pipeline.

CISOs Share 2021 Predictions for Cybersecurity

Thankfully, 2020 is on the way out. What are CISOs saying about what’s to come in 2021? From targeted ransomware, insider threats, cloud security, lateral movement, and remote work, to the importance of good cyber hygiene and credential management, there are A LOT of challenges to be dealt with. So we brought together CISOs to hear their thoughts and 2021 predictions for cybersecurity.

Securing Identities Through Digital Transformation By Reducing The Attack Surface

The topic of accelerated (or forced) digital transformation has been top of mind during many of my recent discussions with customers. It comes as no surprise that human-operated campaigns, such as ransomware, quickly and enthusiastically adapted to the entire global workforce now operating remotely, forcing many organizations to modernize their cyber resiliency and security operations. From a more fundamental technology perspective, this may be a positive side benefit for organizations that had long-term, multi-year plans for digital transformation and are now embracing technology to enable their business.

Illusive Networks Advisory – SolarWinds Supply Chain Attack

Since last week and continuing into this week, details of the attack first perpetrated on FireEye and subsequently on the US Government Departments of Treasury and Commerce continue to evolve. We now know that the attack’s origin was the SolarWinds Orion IT management software versions 2019.4 HF 5 and 2020.2 HF 1, containing a backdoor (Sunburst). According to the FireEye analysis, this campaign may have started as early as spring 2020. We recommend you follow the remediation guidelines from SolarWinds, and any other organizations directly involved in the attack.

It’s still early, and industry knowledge about the attack remains incomplete; nevertheless, we have learned enough to start developing plans to assess and reduce risk for organizations running the affected versions of SolarWinds Orion software. In this attack, as with most other advanced attacks like APTs and the new forms of targeted (human-operated) ransomware, attackers establish an initial beachhead, surveil their surroundings and move laterally to harvest privileged credentials that give them access to valuable information – the “crown jewels”.

3 Facts About MITRE Shield and Targeted Ransomware

You’ve probably heard me write or speak about ransomware a lot more recently, and for good reason. Targeted, APT-like ransomware attacks against large healthcare organizations and other enterprises have been all over the news.

Recently, I had the opportunity to present a webinar along with MITRE that focused on MITRE Shield, the concept of Active Defense, and how we can use some of these proactive techniques against ransomware attackers. Below, I’ll look at 3 key facts for security teams to understand when planning their active defense strategy against ransomware threats.

The Telco Insider Attack Spike

I recently participated in a webinar as part of a series co-hosted by Team8, Amdocs and AT&T called “The Future of Telco Cybersecurity.” I encourage you to watch the recording, which featured an interesting and wide-ranging discussion of the many security issues confronting telecommunications companies as we start winding down this crazy and unprecedented year.

Why Are Ransomware Attacks Still Happening?

Here we go again: this past Thursday, officials from three US federal agencies issued a statement warning about an “imminent cybercrime threat to US hospitals and healthcare providers.” The threat in question comes from a Russia-based cybercriminal gang preparing to disrupt information technology systems at hundreds of hospitals and medical care facilities all over the US with ransomware. The attackers will make devices on the hospital networks unusable unless a sizable payoff is made, and indeed, at least five US hospitals already seem to be under attack. With patient populations surging in the wake of another wave of coronavirus cases and a presidential election on the horizon, the imminent threat could prove catastrophic without the proper security measures to fight back.

Reduce Detection Blind Spots with Deceptive Emulations of IoT, OT, and Network Devices

When it comes to IoT devices – or other network devices including routers, switches and printers – the impossibility of effectively patching or monitoring them, along with their sheer diversity, creates a mass of ideal network locations for cyberattackers to carry out reconnaissance, surveillance and data theft undetected. This article will look at a deception-led approach to reducing detection blind spots surrounding these difficult-to-secure devices.

Healthcare Under Cyberattack – Advanced Ransomware, IoMT Devices, and Data Breaches

Healthcare institutions are facing unprecedented threats. We’ve all been rocked with horror at the major cyberattacks on hospitals this past week. What’s scary about these types of attacks is that they can very quickly lead to lost lives, not just lost dollars.